- AWS Audit
- Cloudwatch Audit
Checks performed
- AWS CloudWatch Events Should Be Used
- AWS Config Changes Alarm Should Be Enabled
- AWS Console Sign In Without MFA Should Be Monitored
- AWS Organizations Changes Alarm
- Authorization Failures Alarm
- CMK Disabled or Scheduled for Deletion Alarm
- CloudTrail Changes Alarm
- Console Sign-in Failures Alarm
- EC2 Instance Changes Alarm
- EC2 Large Instance Changes Alarm
- IAM Policy Changes Alarm
- Internet Gateway Changes Alarm
- Network ACL Changes Alarm
- Root Account Usage Alarm
- Route Table Changes Alarm
- S3 Bucket Changes Alarm
- Security Group Changes Alarm
- VPC Changes Alarm
- Event Bus Should Not Be Exposed
- EventBus Should Not Allow Cross Account Access
- CloudWatch Alarm for VPC Flow Logs Metric Filter
- Metric Filter for VPC Flow Logs CloudWatch Log Group